Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Mac News > Apple restores 'iForgot' system, fixes password flaw

Apple restores 'iForgot' system, fixes password flaw
Thread Tools
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Mar 22, 2013, 10:59 PM
A security flaw exposed earlier on Friday has already been fixed, just hours after it was discovered, according to Apple. The issue, which could have allowed malicious users to hijack and lock out the legitimate owners, just by knowing the email address and exact birthdate of a victim. In response, Apple temporarily took its "iForgot" password-resetting service offline while it resolved the issue.

The process involved pasting a modified URL while answering the birthdate question on the password retrieval page, which allowed the attacker to reset the password. Ironically, the only defense against the vulnerability was to enable Apple's just-introduced two-step verification process, which adds a PIN code requirement before changing account info. The PIN code is only accessible through Find My iPhone or a text message to a pre-registered phone number.

The iForgot service was restored around 6:30PT after being down for approximately five and a half hours. Apple had been quick to respond to the issue, releasing a statement that it was aware of the problem and working on a fix shortly after iForgot was taken offline. The company's move likely prevented the exploit from being used widely -- no field reports of compromised accounts have been seen thus far.

All systems are now reported to be working properly, and the vulnerability has been closed.

Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Privacy Policy
All times are GMT -4. The time now is 04:34 AM.
All contents of these forums © 1995-2015 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2015, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2